Security in the Age of Hybrid Cloud

Hybrid cloud is fast becoming the IT service delivery platform of choice for businesses worldwide. Enterprises in Asia Pacific are leading the way, with 65 percent of companies having started to incorporate hybrid cloud deployment models by 2016.

While hybrid cloud platforms help businesses modernise, transform and innovate, they also bring new risks. Getting to the cloud quickly is worth far less if it means cracking a hole in your security that could lead to loss of customer data and the associated damage to the company’s reputation.

How best can you protect your data and intellectual property across a hybrid cloud?

The rise of the hybrid cloud adds further complexity to strengthening a security posture. The use of smartphones, tablets and remote working has already stretched the network perimeter; hybrid cloud models are further accelerating this trend and blurring the line of where the secure network begins and ends. Agile development and DevOps mean applications and sensitive data are constantly changing, requiring frequent updates to telemetry and data collection strategies. Today, applications and workloads are run from a range of on-premises, private and public cloud databases, each one potentially provided by a different vendor and located almost anywhere in the world.

Securing cloud services with traditional tools and practices has grown unwieldy, requiring the integration and management of 20 or more different security products. In practical terms, success with this approach is nearly impossible because of the time and cost associated with manual forensics and a dearth of skilled labour.

How can any security team ensure that its corporate security policies and industry regulations are applied appropriately across such a diverse and fast-changing environment?

There are two key challenges to overcome when protecting against threats in a hybrid cloud environment. First, organisations need complete visibility of workloads and user activity across the entire hybrid cloud footprint, including those on-premises, in cloud services such as IaaS, PaaS and SaaS, and also in unsanctioned ‘shadow IT’ environments. Second, they must put in place a mechanism to process and analyse the massive amount of telemetry and data this sprawling estate will generate. Furthermore, the organisation is expected to overcome these challenges without growing its team or securing additional budget.

In short, organisations need a unified, complete set of data that requires less human effort to interact with and analyse.

Cloud rises to the challenge

Fortunately, cloud technology brings a solution. New cloud services can ingest massive amounts of operational and security telemetry, analyse it in real time using purpose-built machine learning and react to findings using automation. These services offer a step-function improvement in core security operations centre (SOC) functions such as security information and event management (SIEM), user and entity behaviour analytics (UEBA), cloud access security brokers (CASB) and configuration and compliance management, as well as in identity context for user activity.

Developing at cloud scale has allowed providers to deliver a big data platform that includes SIEM, UEBA, CASB, compliance and context-based identity, ensuring information that was traditionally held in separate silos (if it was available to the SOC at all) is unified. Highly tuned machine learning regimes and automation identify and respond to threats with high confidence, making automated remediation a practical possibility. This inclusion of purpose-built machine learning dramatically improves security and creates a solution able to proactively identify issues or raise the questions you never considered.

As a result of this next-generation approach, highly skilled SOC analysts can move from spending too much of their time on rote identification of routine issues to focusing on protecting the organisation against the sophisticated advanced persistent threats (APTs) prevalent today.

The unified approach can also provide a critical control point for the compliant use of hybrid cloud, enabling visibility of cloud services across multiple providers as well as on-premises IT. This saves significant time and eliminates human error as organisations continually rebalance workloads across their estate.

A next-generation security solution enables four security functions to scale:

1. Visibility: All workloads are made transparent, no matter where they are in the dispersed, hybrid estate. This overcomes the key challenge of our modern non-perimeter world and gives visibility into all cloud environments in use, even the unofficial, unsanctioned ones!

3. Threat identification: A next-generation SIEM with built-in user and entity behaviour analytics (UEBA), CASB feeds and identity context up-levels the capabilities of the SOC to detect suspicious or malicious activities, and identify risky user behaviours before a breach occurs.

4. Automated remediation: Most organisations under-leverage automation because they lack confidence in their analytical conclusions. By providing trusted conclusions based on machine learning, automated response becomes a higher percentage of SOC action, increasing overall SOC efficiency just in time to deal with the increased set of threats.

With the added complexity that comes with managing a hybrid cloud environment, more sophisticated capabilities are required to protect the entire cloud/IT footprint and prevent security gaps from arising. Vendors are responding with next-generation solutions that unify data and apply purpose-built machine learning.

What better place to look for solutions to cloud security challenges than in the cloud itself?

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.